[nsd-users] NSD 3.2.5 not serving NSEC3

Miek Gieben miek at miek.nl
Mon Mar 26 13:10:53 CEST 2012


[ Quoting <c.gielen at uvt.nl> in "[nsd-users] NSD 3.2.5 not serving N..." ]
> Hello,
> I'm converting my setup from NDS 3.0.7 to NSD 3.2.5. It seems like NSD3.2.5 does not server NSEC3 records.
> I've got a hidden master and two slaves. The master and one slave run NSD3.2.5, the other slave still runs 3.0.7.
> NSEC3 queries work for the old slave, but fail on the master and the new slave.
> 
> The slaves are provisioned through XFR.
 
> # dig +short  -tANY 7bomoj6sqq183dea9ljtlg4v6mta3vr8.mijnuvt.nl. @master.3.2.5
> # dig +short  -tANY 7bomoj6sqq183dea9ljtlg4v6mta3vr8.mijnuvt.nl. @slave.3.2.5
> # dig +short  -tANY 7bomoj6sqq183dea9ljtlg4v6mta3vr8.mijnuvt.nl. @slave.3.0.7
> 1 0 5 3F5B57AEA37819BD 9HGMPSH7HR04DVD5IR8U04F64KIGGE57 NS SOA MX RRSIG DNSKEY NSEC3PARAM
> NSEC3 8 3 3600 20120331095329 20120324082808 45505 mijnuvt.nl. LXAixCSfTI/C+MXAP77cpTXlpZjGu4cDsbGVFyhs7PjytoY7bB75/qIm l6eK67tgSN1yxSc1+A4fp0Fizv/+vTTgxZMTcX4+nAERkYJkWwykLRW8 xZD7QBlAeNJ58/LexU02mL/rfPngHScYJLdMRVUIu0O691YmIvEpDLJu ct4=
> 
> # proof that the servers are in sync

I don't know if you have found a bug in NSD, but trying to make a point
with ANY queries isn't helpful. There isn't a good spec. that tells
you what ANY should return.

grtz Miek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://open.nlnetlabs.nl/pipermail/nsd-users/attachments/20120326/25ab566f/attachment.pgp>


More information about the nsd-users mailing list